6017 matches found
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote host allows an unauthenticated attacker to bypass variable blacklisting in its globalization routine and destroy, for example, the contents of session variables. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'...
DEBIAN-CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
DEBIAN-CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
CVE-2006-5117
CVE-2006-5117 concerns phpMyAdmin prior to 2.9.1-rc1, where a libraries directory under the web document root had insufficient access control, enabling remote attackers to obtain sensitive information via direct requests for certain files. Several connected advisories confirm the issue and docume...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5117
phpMyAdmin before 2.9.1-rc1 has a libraries directory under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via direct requests for certain files...
CVE-2006-5116
CVE-2006-5116 affects phpMyAdmin prior to 2.9.1-rc1, with multiple CSRF vulnerabilities that allow remote attackers to perform actions as another user by (1) setting a token in the URL via dynamic variable evaluation and (2) unsetting arbitrary variables through $_REQUEST. Affected components inc...
FreeBSD : phpmyadmin -- CSRF vulnerabilities (19b17ab4-51e0-11db-a5ae-00508d6a62df)
phpMyAdmin team reports : We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link. %NASLMINLEVEL 70300 C Tenable Network Security, In...
[Full-disclosure] Advisory 07/2006: phpMyAdmin Multiple CSRF Vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Multiple CSRF Vulnerabilities Release Date: 2006/10/01 Last Modified: 2006/10/01 Author: Stefan Esser [email protected] Application: phpMyAdmin = 2.9.0...
XSRF (Cross Site Request Forgery) vulnerabilities
PMASA-2006-5 Announcement-ID: PMASA-2006-5 Date: 2006-10-01 Summary XSRF Cross Site Request Forgery vulnerabilities Description We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by...
phpmyadmin -- XSRF vulnerabilities
phpMyAdmin team reports: We received a security advisory from Stefan Esser [email protected] and we wish to thank him for his work. It was possible to inject arbitrary SQL commands by forcing an authenticated user to follow a crafted link...
phpMyAdmin < 2.9.1-rc1 Multiple Vulnerabilities
Binary data 3756.prm...